Method and apparatus for entity authentication
First Claim
1. A method of authenticating a user attempting access into a host facility from a remote subscriber site, comprising the steps of:
generating a challenge code including a random digital sequence at the host;
encrypting the challenge code by cryptographically applying a key code to said digital sequence to produce a host-encrypted code;
transmitting a modified version of the challenge code by encoding said challenge code into a dual-tone-multi-frequency (DTMF) signal format suitable for transmission to a first electronic device at the subscriber site; and
acoustically coupling the DTMF signal received at the first electronic device at the subscriber site onto a transmission medium in operable communication with a second electronic device at the subscriber site;
encrypting the challenge code at the second electronic device at the subscriber site to produce a user-encrypted code;
transmitting by the second electronic device the user-encrypted code to the first electronic device and transmitting by the first electronic device the user-encrypted code to the host; and
comparing at the host the user-encrypted code to the host-encrypted code and, if a match is found, permitting the user to access the host.
Abstract
A cryptography-based entity authentication device (EAD) operated by a remote entity located at a subscriber site enables a telephone switch or computer system to identify and verify the authenticity of the entity. In one embodiment, the EAD encrypts a random digital sequence transmitted by a host facility and returns the encrypted signal to the host for comparison with another encryption signal generated locally by the host. If a match is detected, this serves as confirmation that the remote entity possesses the same encryption key as the host, therefore verifying the authenticity of the remote entity. Otherwise, the entity is deemed fraudulent and access is denied. In another embodiment, the host and subscriber site each include a respective time generation means which are maintained in relative time synchronicity. The EAD generates and encrypts a time signal for comparison with another encrypted time signal generated locally by the host. Transmissions between the host and subscriber site occur in a DTMF signal format to ensure compatibility with existing PSTN media.
19 Claims
6. A method of authenticating a user attempting access to a host facility from a subscriber site having two devices located thereat, comprising the steps of:
at the host, generating a digital sequence;
encrypting the digital sequence;
encoding a duplicate version of the digital sequence into a dual-tone-multi-frequency (DTMF) signal format;
transmitting the DTMF signal to the user site;
at the subscriber site, decoding by a first device the DTMF signal transmitted from the host into said digital sequence;
encrypting by a first device said digital sequence;
encoding by a first device the encrypted digital sequence into a DTMF signal format;
sending said DTMF signal format to a second device;
transmitting by the second device the DTMF signal to said host;
at the host, detecting the DTMF signal transmitted from the second device and recovering the user-encrypted digital sequence; and
comparing the host-encrypted digital sequence with the user-encrypted digital sequence to determine if a match condition exists.
7. A system including a subscriber site having a first and second device located thereat and a host facility, comprising:
at the host, signal generation means for generating a random digital code;
encryption means coupled to the signal generation means for encrypting said digital code using a host encryption key;
encoder means coupled to the signal generator means for encoding a duplicate version of said digital code into a dual-tone-multi-frequency (DTMF) signal format;
transmission means coupled to the encoder means for transmitting said DTMF signal to the subscriber;
at the subscriber site, decoder means of a first device for detecting the DTMF signal transmitted from the host and recovering said digital code;
encryption means at said first device coupled to the decoder means for encrypting said digital code using a user encryption key;
encoder means at said first device coupled to the encryption means for encoding said user-encrypted digital code into a DTMF signal format;
sending means at said first device for sending said DTMF signal format to a second device at the subscriber site;
transmission means of said second device, coupled to the encoder means, transmitting said DTMF signal to the host;
at the host, decoder means for detecting the DTMF signal transmitted from the second device and recovering said user-encrypted digital code;
comparator means coupled to said host encryption means and said host decoder means for comparing the host-encrypted digital code to said user-encrypted digital code.
9. In a communications environment including a host facility and subscriber, said host facility including means for generating a digital code, means for encoding the digital code into a DTMF signal format, and means for transmitting the DTMF signal to said subscriber site, said subscriber site consisting of a first and second device, including an entity authentication apparatus comprising:
detection means at said second device for acoustically detecting the DTMF signal transmitted from said host;
decoder means coupled to said detection means for recovering the digital code;
encryption means coupled to said decoder means for encrypting said recovered digital code;
encoder means coupled to said encryption means for encoding the subscriber-encrypted digital code into a DTMF signal format;
transmission means coupled to said encoder means for acoustically transmitting the DTMF signal to said first device; and
transmission means at said first device for transmitting the DTMF signal to said host.
12. A method of authenticating a user attempting access to a host facility from a subscriber site, comprising the steps of:
generating a respective time code representative of time at the host and at the subscriber site;
encoding the host time signal into a host digital time sequence;
encoding the subscriber time signal into a subscriber digital time sequence;
encrypting the respective time codes to produce a host-encrypted time code and a user-encrypted time code at the host and subscriber site, respectively, by cryptographically applying a user key to the subscriber digital time sequence and cryptographically applying a host key to the host digital time sequence;
transmitting said user-encrypted time code in a dual-tone-multi-frequency (DTMF) signal format by acoustically coupling the DTMF signal onto a transmission medium to said host; and
comparing the user-encrypted time code to the host-encrypted time code at the host to determine if a match condition is satisfied.
14. A system including a host and subscriber site, comprising:
at the subscriber site, means for generating a time code;
means for encrypting the time code to produce a user-encrypted time code;
means for transmitting the user-encrypted time code to said host;
at the host, means for generating a time code;
means for encrypting the time code to produce a host-encrypted time code;
means for detecting the user-encrypted time code transmitted from said subscriber; and
comparison means for comparing the host-encrypted time code to said user-encrypted time code to determine if a match condition exists.
16. In a communications system including a host facility and subscriber site, said subscriber site including an entity authentication apparatus comprising:
signal generation means for generating a signal representative of time;
digital encoder means for encoding the time signal into a digital signal;
encryption means for encrypting the digital signal to produce a user-encrypted time code;
audio encoder means for converting the user-encrypted time code into a dual-tone-multi-frequency (DTMF) signal format; and
transmission means for transmitting the DTMF signal to the host site.
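The challenge-response exchange of claims 1 and 6 and the time-synchronous variant of claims 12 to 16, worked through end to end as an added Python example (not code from the patent). It assumes HMAC-SHA256 truncated to 8 bytes as the patent's unspecified keyed function, a constructed one-nibble-per-symbol DTMF encoding, and a 30 s time window; the host side also enforces single-use challenges and a constant-time comparison, which the claims leave to the implementer.

```python
import hashlib
import hmac
import secrets

# Constructed mapping: each of the 16 DTMF symbols carries one hex nibble.
DTMF = "0123456789ABCD*#"

def to_dtmf(data: bytes) -> str:
    """Encode bytes as DTMF symbols, high nibble first."""
    return "".join(DTMF[b >> 4] + DTMF[b & 0xF] for b in data)

def from_dtmf(symbols: str) -> bytes:
    """Decode DTMF symbols back to bytes; unknown symbols raise ValueError."""
    nib = [DTMF.index(c) for c in symbols]
    return bytes((hi << 4) | lo for hi, lo in zip(nib[::2], nib[1::2]))

def encrypt_code(key: bytes, code: bytes) -> bytes:
    """Assumed keyed function: HMAC-SHA256 truncated to 8 bytes (16 symbols)."""
    return hmac.new(key, code, hashlib.sha256).digest()[:8]

class Host:
    """Host facility: issues a random challenge and keeps its own encryption of it."""
    def __init__(self, key: bytes):
        self.key, self.expected = key, None

    def challenge(self) -> str:
        code = secrets.token_bytes(4)                 # random digital sequence
        self.expected = encrypt_code(self.key, code)  # host-encrypted code
        return to_dtmf(code)                          # challenge sent as DTMF

    def verify(self, response: str) -> bool:
        if self.expected is None:
            return False                              # no outstanding challenge
        ok = hmac.compare_digest(from_dtmf(response), self.expected)
        self.expected = None                          # each challenge is single use
        return ok

def ead_respond(user_key: bytes, challenge: str) -> str:
    """Entity authentication device: encrypts the received challenge with the user key."""
    return to_dtmf(encrypt_code(user_key, from_dtmf(challenge)))

def time_code(key: bytes, now: float, window: int = 30) -> str:
    """Time-synchronous embodiment: encrypt the index of the current 30 s window."""
    return to_dtmf(encrypt_code(key, (int(now) // window).to_bytes(8, "big")))

def run_exchange(host_key: bytes, user_key: bytes) -> bool:
    """One challenge-response round trip; True only when both keys match."""
    host = Host(host_key)
    return host.verify(ead_respond(user_key, host.challenge()))
```

With matching keys the round trip succeeds; a mismatched key, a replayed response or a time code from a different window is rejected.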